US11562083B2ActiveUtilityA1

Data access management for a composition

48
Assignee: HEWLETT PACKARD ENTPR DEV LPPriority: Jul 30, 2018Filed: Jul 30, 2018Granted: Jan 24, 2023
Est. expiryJul 30, 2038(~12.1 yrs left)· nominal 20-yr term from priority
Inventors:Justin York
H04L 63/108H04L 9/0869H04L 9/088G06F 21/62H04L 63/062H04L 9/083G06F 21/85G06F 21/79G06F 2221/2107H04L 9/12H04L 9/16H04L 63/068
48
PatentIndex Score
0
Cited by
15
References
20
Claims

Abstract

Systems and methods provide a transient component limited access to data in a composition. One method includes receiving a request for the transient component to access data in the composition. The composition may include permanent components operable to utilize encryption keys generated at selected intervals from a seed value shared by the permanent components. The encryption keys utilized by the permanent components at each selected interval may be identical to one another. The method also includes generating a set of encryption keys from the seed value for a specified period of time. The set of encryption keys may be identical to the encryption keys to be utilized by the permanent components at the selected intervals to occur during the specified period of time. The method further includes granting the transient component access to data in the composition for the specified period of time via the set of encryption keys.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method for providing a transient component limited access to data in a composition, comprising:
 receiving an encryption key at each of a plurality of intervals from a seed value shared by a plurality of permanent components, wherein a permanent component comprises a component having access to one composition, wherein the composition comprises a group of components that form a desired computing system; 
 receiving a request for the transient component to access data in the composition, wherein the transient component comprises a component having access to a plurality of compositions and having limited access to the seed value; 
 generating a matching encryption key at selected intervals of the plurality of intervals to be utilized at the transient component, wherein each matching encryption key is identical to the encryption key received for the interval; 
 providing the matching encryption keys to the transient component during the selected intervals; and 
 granting the transient component access to data in the composition for the specified period of time via the set of encryption keys. 
 
     
     
       2. The computer-implemented method of  claim 1 , wherein the transient component is communicatively coupled to at least one other composition. 
     
     
       3. The computer-implemented method of  claim 2 , wherein the composition is a first server, and the at least one other composition includes a second server. 
     
     
       4. The computer-implemented method of  claim 1 , further comprising:
 denying the transient component access to data in the composition outside of the specified period of time. 
 
     
     
       5. The computer-implemented method of  claim 1 , further comprising:
 during the specified period of time, generating, via the plurality of permanent components or a processor communicatively coupled to each of the permanent components, the encryption keys at the plurality of intervals occurring during the specified period of time. 
 
     
     
       6. The computer-implemented method of  claim 5 , wherein:
 the processor is communicatively coupled to the transient component; and 
 the processor is operable to generate the set of encryption keys from the seed value for the specified period of time. 
 
     
     
       7. The computer-implemented method of  claim 6 , further comprising:
 transmitting the set of encryption keys to the transient component from the processor; 
 utilizing, concurrently, a first encryption key of the set of encryption keys from the transient component and a first encryption key of the plurality of permanent components at a first of the plurality of intervals occurring during the specified period of time, the first encryption key of the set of encryption keys and the first encryption key of the plurality of permanent components being identical to one another; and 
 utilizing, concurrently, a second encryption key of the set of encryption keys from the transient component and a second encryption key of the plurality of permanent components at a second of the plurality of intervals occurring during the specified period of time, the second encryption key of the set of encryption keys and the second encryption key of the plurality of permanent components being identical to one another. 
 
     
     
       8. The computer-implemented method of  claim 5 , wherein generating the set of encryption keys from the seed value for the specified period of time is carried out prior to the specified period of time. 
     
     
       9. The computer-implemented method of  claim 1 , wherein:
 the permanent components are communicatively coupled with one another via a network; and 
 the permanent components and the transient component are communicatively coupled during the specified period of time via the network. 
 
     
     
       10. A data access management system comprising:
 a network interface; 
 a non-transitory computer-readable medium; and 
 one or more processors, communicatively coupled to the non-transitory computer-readable medium and the network interface, wherein the non-transitory computer-readable medium stores instructions, that when executed by the one or more processors, cause the one or more processors to:
 receive an encryption key at each of a plurality of intervals from a seed value shared by a plurality of permanent components, wherein a permanent component comprises a component having access to one composition, wherein the composition comprises a group of components that form a desired computing system; 
 receive a request for the transient component to access data in the composition, wherein the transient component comprises a component having access to a plurality of compositions and having limited access to the seed value; 
 generate a matching encryption key at selected intervals of the plurality of intervals to be utilized at the transient component, wherein each matching encryption key is identical to the encryption key received for the interval; 
 provide the matching encryption keys to the transient component during the selected intervals; and 
 grant the transient component access to data in the composition for the specified period of time via the set of encryption keys. 
 
 
     
     
       11. The data access management system of  claim 10 , wherein the non-transitory computer-readable medium stores instructions, that when executed by the one or more processors, further cause the one or more processors to:
 deny the first component access to data in the composition outside of the specified period of time. 
 
     
     
       12. The data access management system of  claim 10 , wherein the first component is communicatively coupled to at least one other composition. 
     
     
       13. The data access management system of  claim 12 , wherein the composition is a first server, and the at least one other composition includes a second server. 
     
     
       14. The data access management system of  claim 13 , wherein:
 the second components are communicatively coupled with one another via a network; and 
 the second components and the first component are communicatively coupled during the specified period of time via the network. 
 
     
     
       15. The data access management system of  claim 10 , wherein the second components are granted access to data in the composition outside of the specified period of time. 
     
     
       16. The data access management system of  claim 10 , wherein the non-transitory computer-readable medium stores instructions, that when executed by the one or more processors, further cause the one or more processors to:
 generate the encryption keys utilized by the second components at the plurality of intervals occurring during the specified period of time. 
 
     
     
       17. The data access management system of  claim 10 , wherein the instructions, that when executed by the one or more processors, further cause the one or more processors to generate the set of encryption keys prior to the specified period of time. 
     
     
       18. A non-transitory computer-readable medium comprising computer executable instructions stored, which when executed, cause a processor to:
 receive an encryption key at each of a plurality of intervals from a seed value shared by a plurality of permanent components, wherein a permanent component comprises a component having access to one composition, wherein the composition comprises a group of components that form a desired computing system; 
 receive a request for the transient component to access data in the composition, wherein the transient component comprises a component having access to a plurality of compositions and having limited access to the seed value; 
 generate a matching encryption key at selected intervals of the plurality of intervals to be utilized at the transient component, wherein each matching encryption key is identical to the encryption key received for the interval; 
 provide the matching encryption keys to the transient component during the selected intervals; and 
 grant the transient component access to data in the composition for the specified period of time via the set of encryption keys. 
 
     
     
       19. The non-transitory computer-readable medium of  claim 18 , wherein the instructions stored, which when executed, further cause the processor to:
 deny the first component access to data in the composition outside of the specified period of time; and 
 grant the plurality of second components access to data in the composition outside of the specified period of time. 
 
     
     
       20. The non-transitory computer-readable medium of  claim 19 , wherein:
 the first component is communicatively coupled to at least one other composition; 
 the composition is a first server, and the at least one other composition includes a second server; 
 the plurality of second components are communicatively coupled with one another via a network; and 
 the plurality of second components and the first component are communicatively coupled during the specified period of time via the network.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.